CVE-2016-2961

CWE-200Information Exposure4 documents4 sources
Severity
5.3MEDIUM
EPSS
0.2%
top 61.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
IBM Integration BUSIBM Websphere Message Broker
Timeline
PublishedJul 2
Latest updateMay 17

Description

The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 before 10.0.0.5 and WebSphere Message Broker 8 before 8.0.0.8 allows remote attackers to obtain sensitive Tomcat version information by sending a malformed POST request and then reading the Java stack trace.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDibm/integration_bus11 versions+10

🔴Vulnerability Details

2
GHSA
GHSA-g883-wc2w-9q7m: The integration server in IBM Integration Bus 9 before 92022-05-17
CVEList
CVE-2016-2961: The integration server in IBM Integration Bus 9 before 92016-07-02

💥Exploits & PoCs

1
Exploit-DB
CesarFTP 0.99g - XCWD Denial of Service2016-01-19
CVE-2016-2961 (MEDIUM CVSS 5.3) | The integration server in IBM Integ | cvebase.io